[Forgot Password]
Login  Register Subscribe












Paid content will be excluded from the download.

Matches : 108457 Download | Alert*

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.

Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to, ProxySG 6.5 prior to, ProxySG 6.6, and ProxySG 6.7 prior to are susceptible to an open redirection vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to redirect the target user to a malicious web site.

Symantec Advanced Secure Gateway (ASG) 6.6 prior to, ASG 6.7 prior to, ProxySG 6.5 prior to, ProxySG 6.6 prior to, and ProxySG 6.7 prior to are susceptible to an information disclosure vulnerability. An attacker with local access to the client host of an authenticated administrator user can, under certain circumstances, obtain sensitive authentication cre ...

The OTR plugin for Gajim sends information in cleartext when using XHTML, which allows remote attackers to obtain sensitive information via unspecified vectors.

Race condition in the ion_ioctl function in drivers/staging/android/ion/ion.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) by calling ION_IOC_FREE on two CPUs at the same time.

go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received public key on a message is on the same curve as the static private key of the receiver, thus making it vulnerable to an invalid curve attack.

go-jose before 1.0.4 suffers from multiple signatures exploitation. The go-jose library supports messages with multiple signatures. However, when validating a signed message the API did not indicate which signature was valid, which could potentially lead to confusion. For example, users of the library might mistakenly read protected header values from an attached signature that was different from ...

go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. An integer overflow could lead to authentication bypass for CBC-HMAC encrypted ciphertexts on 32-bit architectures.

Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown feature was considered, but rejected to avoid introducing service disruptions to regular users during such attacks. A random delay has instead been introduced as a countermeasure in case of password fa ...

Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful authentication. Under some circumstances, that could have been an opportunity for an attacker to steal an authenticated session.

Pages:      Start    9885    9886    9887    9888    9889    9890    9891    9892    9893    9894    9895    9896    9897    9898    ..   10845

© SecPod Technologies